Information pursuant to Art. 13 and 21 of the General Data Protection Regulation (GDPR)
With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Therefore, not all sections of this information will apply to you.
In addition, this privacy information may be updated from time to time. You can find the latest version on this page at any time.
Currently valid: Version 1.0 from 15 February 2021
You can reach our data protection officer at:
Data Protection Officer Aignostics GmbH
c/o activeMind AG
Management- und Technologieberatung
Tel.: +49 (0)30 / 770 19 10 70
Purposes and legal basis for processing your personal data
We process personal data in accordance with the provisions of GDPR and the German Data Protection Act (BDSG):
For the fulfilment of contractual obligations (Art. 6(1)(b) GDPR)
The processing is necessary for the performance of a contract with you. This may include the sending of a newsletter, which is a contractual service.
If you enquire about an offer, the data processing is carried out in response to your enquiry and is necessary for the implementation of pre-contractual measures.
Due to legal requirements (Art. 6(1)(c) GDPR)
We are subject to various legal obligations that entail data processing. These include, for example, tax laws, as well as statutory accounting, the fulfilment of enquiries and requirements of supervisory or law enforcement authorities, as well as the fulfilment of control and reporting obligations under tax law.
In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purpose of collecting evidence, criminal prosecution or the enforcement of civil claims.
Within the context of the balancing of interests (Art. 6(1)(f) GDPR)
Where necessary, we process your data beyond the actual performance of the contract to protect our legitimate interests or those of third parties. Examples of such cases are:
- if you contact us by e-mail or telephone, the data you enter will be stored for the purpose of individual communication with you,
- assertion of legal claims and defence in legal disputes,
- storage of further contacts in our CRM system for communication purposes.
Who gets your data?
Within our company, employees receive your data for the contact with you and the contractual cooperation (incl. the fulfilment of pre-contractual measures).
Your data will only be passed on to service providers (processors) if it is necessary for the fulfilment of our contractual tasks (e.g. support/maintenance of IT applications, accounting, data destruction). All service providers are obliged to treat your data confidentially on the basis of a processing contract.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only transfer necessary personal data in compliance with the applicable data protection regulations. Under these conditions, recipients of personal data may be, for example:
- public authorities and institutions (e.g. tax authorities, law enforcement authorities) if there is a legal or official obligation,
- credit and financial services institutions (processing of payment transactions),
- tax advisors, business and wage tax auditors (statutory audit mandate)
Is data transferred to a third country or to an international organisation?
Your data will only be processed within the European Union and states within the European Economic Area (EEA).
How long will your data be stored?
We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted. Exceptions to the above deletion criteria arise for data,
- which are required for the fulfilment of legal storage obligations, e.g. the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage or documentation are generally six to ten years,
- to preserve evidence within the framework of the statutory limitation provisions. According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The exceptions mentioned above apply here.
What data protection rights do you have?
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.
With regard to the right to information and the right of erasure, the restrictions according to §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR). A list of the supervisory authorities (for the non-public sector) with address can be found at:
Is there an obligation for me to provide data?
Within the framework of the contractual relationship, you may provide such personal data as is necessary for the commencement, performance and termination of the contractual relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will not be able to contact you, conclude the contract with you or perform it.
Information about your right to object according to Art. 21(1) GDPR
Right to object on a case-by-case basis
You have the right to object at any time to the processing of your personal data by us on grounds relating to your particular situation, where this has been carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Recipient of an objection
The objection can be made informally with the subject “Objection”, stating your name, address and date of birth, and should be addressed to: